[Secure-testing-team] Bug#863884: CVE-2017-9334
Guido Günther
agx at sigxcpu.org
Thu Jun 1 15:00:33 UTC 2017
Package: chicken
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerability was published for chicken.
CVE-2017-9334[0]:
| An incorrect "pair?" check in the Scheme "length" procedure results in
| an unsafe pointer dereference in all CHICKEN Scheme versions prior to
| 4.13, which allows an attacker to cause a denial of service by passing
| an improper list to an application that calls "length" on it.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9334
Please adjust the affected versions in the BTS as needed.
More information about the Secure-testing-team
mailing list